The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

BlackSuit Confirmed as Royal Ransomware Rebrand

Aug 12, 2024 2:08:09 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Royal, BlackSuit

0 Comments

Verticals Targeted: Critical Infrastructure, Healthcare, Government, Manufacturing 

Executive Summary

BlackSuit is a ransomware family that targets both Windows and Linux systems. A recent joint advisory published by CISA and the FBI confirmed BlackSuit is a rebrand of Royal. The advisory also highlighted new BlackSuit ransomware activity.

Read More

Play Ransomware Linux Variant Discovered

Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi

0 Comments

Executive Summary

A Linux variant of Play ransomware has been observed that is capable of targeting ESXi environments.

Read More

GhostLocker Ransomware

Jul 5, 2024 2:05:23 PM / by The Hivemind posted in Threat Bulletin, Ransomware, GhostLocker, GhostSec, Stormous

0 Comments

Verticals Targeted: Technology, Education, Manufacturing, Transportation, Government

Executive Summary

GhostLocker, a ransomware family that has been in the wild since late 2023, is now under new management. Stormous, the new GhostLocker operators, have stated they are updating the program and will offer some ransomware services for free.

Read More

RansomHub

Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight

0 Comments

Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.

Read More

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

0 Comments

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.

Read More

Black Basta Targeting Critical Infrastructure

May 17, 2024 2:19:41 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Black Basta, Healthcare, Emerging Threat

0 Comments

Related Families: Qakbot
Verticals Targeted: Critical Infrastructure, Healthcare

Executive Summary

CISA recently issued an advisory warning critical infrastructure entities to harden their defenses against attacks from Black Basta.

Read More

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence

0 Comments

Related Families: Effluence

Executive Summary

A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.

Read More

INC Ransomware

Apr 8, 2024 2:23:53 PM / by The Hivemind posted in Threat Bulletin, Government, Ransomware, Healthcare, INC

0 Comments

Verticals Targeted: Government, Healthcare

Executive Summary

INC is a relatively new ransomware group that has been active since summer 2023. The group recently claimed responsibility for attacks on Leicester City Council and NHS services in Scotland.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More